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(54) Method and system for securely handling information between two information processing 
devices 

(57) Described is a mechanism for securely han- 
dling an information unit by a first information process- 
ing device (2), for instance a terminal device like a chip 
card reader, which interoperates with a second secure 
information processing device (1), for instance a porta- 
ble device like a chip card, whereby the information unit 
is provided by an issuer. The information unit is provided 
from the issuer to the first device and encrypted by 
using a first key. The first key is also encrypted by using 
a second key. The second key is provided on the sec- 
ond secure device (1) and interconnecting the first and 
the second device enables to decrypt the first key by 
using the second key and then to decrypt the informa- 
tion unit by USing the first key. ! I I I ■ T^Transfer of Decrypted" 

7 1 w 1 Module 





FIG. 1 

CO 
CO 
CO 

CM 
CM 



LJJ 



BE6T AVAILABLE COPV 



Primed by Xerox (UK) Business Services 
2.16.7 (HRSJ/3.6 



BMSDOCID: <EP 1 022638A2 J_> 



EP 1 022 638 A2 



Description 

[0001] The invention generally relates to secure 
interoperation between two information processing 
devices where only one of these devices can handle 
information in a secure manner. In particular, the inven- 
tion relates to a method and a system for securely han- 
dling an information unit by a first information 
processing device, for instance a terminal device, inter- 
operating with a second secure information processing 
device, for instance a portable device like a chip card, 
whereby the information unit is provided by an issuer. 
[0002] It is commonly known that chip cards are not 
only utilized as a memory for storing data on it but also 
used as an access control medium or a medium to ena- 
ble and perform encryption and decryption of informa- 
tion. Therefore, from the beginning of development of 
chip cards, the field of cryptology has played a central or 
even dominant role. Meanwhile, the scientific results of 
this development field are inseparably related to chip 
card technology. 

[0003] The technical field of cryptology devides into 
two fields of activity, namely cryptography and cryptoa- 
nalysis. The field of cryptography embraces the science 
and methodology of encryption and decryption of infor- 
mation. The science of cryptoanalysis addresses to 
crack existing cryptographic systems. 
[0004] In the field of chip card technology, another 
major issue is practicability of the scientific and theoret- 
ical aspects of cryptology. 

[0005] The predominant objective of cryptology is, 
on the one hand, secrecy of information and, on the 
other hand, securing or safeguarding the authentication 
of information. Both objectives are independently of 
each other and thus have different requirements of the 
respective information system. Secrecy' means that 
only the addressed receiver is able to decrypt the con- 
tents of a message. In contrast to that, 'authenticity' 
enables the receiver of the message to secure that the 
received message has not been altered during trans- 
mission. 

[0006] For the following description of known tech- 
niques of data encryption/decryption it is referred to 
chapter 4 of the "Handbuch der Chipkarten", W. Rankl, 
W. Effing, 1996, Hauser Verlag, Munich-Vienna, which 
contents are regarded to be fully incorporated herein. 
Each encryption technique uses three types of informa- 
tion. Non-encrypted data are designated as "plain text" 
wherein encrypted data are designated as "cypher text". 
For encryption/decryption one or more keys are 
required as a third type of data. All these types of data 
are to be processed by an encryption algorithm. Crypto- 
graphic algorithms currently used in chip cards are gen- 
erally block-oriented, which means that the plain text 
and the cypher text are always processed as packages 
of a given length, e. g. 8 byte in case of the algorithm 
used by the decryption/encryption standard (DES) 
which is discussed in more detail in the following. 



[0007] It is emphasized hereby that the present 
invention is applicable to all described fields of cryptog- 
raphy like encryption, decryption, or one-way crypto- 
graphic functions like hash values or a digital signature 

5 verification mechanism. Modern cryptographic algo- 
rithms are generally based on the known Kerckhoff prin- 
ciple which says that the entire security of an algorithm 
shall only depend on secrecy of the underlying keys, but 
not on secrecy of the cryptographic algorithm itself. 

10 [0008] Besides Kerckhoff, a further known principle 
is security through masking which presumes that a ficti- 
tious attacker does not know how the system works. But 
the latter principle is by no means sufficient to secure an 
information handling system. The security of modern 

15 and already published cryptographic algorithms does, in 
practice, only depend on the performance of the com- 
puters used to crack a cryptographic algorithm and thus 
an alleged additional masking technique of the utilized 
methodology of cryption one achieves a considerably 

20 increased protection against attacks. Otherwise, the 
rapidly progressing development of computer perform- 
ance causes a doubling of performance within about 
one and a half years and thereupon the increasing 
number of participants of the worldwide computer net- 

25 work, e. g. the WEB, provide a further way to perform 
serious attacks on cryptographic systems or related 
keys. 

[0009] In order to crack a cryptographic algorithm, 
there are different ways of attacks. A first one is the 

30 "cypher text only attack" where the attacker does only 
know the cypher text and tries to obtain the key or plain 
text by use of this information. A more promising attack 
is the so-called "known plain text attack" where the 
attacker is in the possession of a number of plain- 

35 text/cypher-text pairs for a secret key. The secret key 
can be obtained by trial and error. The most trivial attack 
is to find out the secret key only through trial and error 
which is called "Brute force attack". By using a large 
performance computer, on the basis of a known plain- 

40 text/cypher-text pair, all feasible encryption keys are 
tried until the right one is obtained. The teaching of sta- 
tistics says that on an average only the half of all possi- 
ble keys has to be checked in order to find the right one. 
For that reason, a large space of possible keys renders 

45 that kind of attack more difficult. 

[001 0] Cryptographic algorithms are further divided 
into symmetric and asymmetric algorithms, dependent 
on the respectively utilized key. 'Symmetric' means that 
the algorithm for en- and decryption is using the same 

so key. In contrast to that, 'asymmetric' cryptographic algo- 
rithms, like that proposed by Whitfield Deffie and Martin 
E. Hellman in 1976. are using different keys for encryp- 
tion and decryption. The two major principles for a well 
performing encryption algorithm are the principles of 

55 'confusion' and 'diffusion' after C. Shannon. It is empha- 
sized that both types of algorithms can be taken as a 
basis for the present invention. 
[0011] Symmetric cryptographic algorithms are 



2 



)• <EP 1022638A2_I_> 



EP 1 022 638 A2 



based on the principle of utilizing the same key for both 
encryption and decryption. A well-known data encryp- 
tion algorithm called 'Data Encryption Algorithm' (DEA) 
has been proposed by the applicant of the present 
application together with the U.S. National Bureau of 5 
Standards developed in 1977. This standard algorithm 
is often be referred to as Data Encryption Standard' 
(DES). Since that algorithm is designed in consideration 
of Kerckhoff's dogma, it could be published without any 
impact on its security. For the details of that algorithm it 70 
is further referred to National Institute of Standards and 
Technology (NIST), FIPS Publication 46-2, "Data 
Encryption Standard", December 1993. 
[0012] The principle of 'confusion' means that the 
statistics of the cypher text shall influence the statistics 15 
of the plain text so that an attacker can not take profit by 
that. The second principle "diffusion" means that every 
bit of the plain text and of the key shall influence as 
much bits of the cypher text as possible. 
[0013] The DEA is a symmetric encryption algo- 20 
rithm using block architecture. It does not perform 
expansion of the cypher text which means that plain text 
and cypher text are of identical lenght. The block length 
is 64 bit (= 8 byte), the key is also 64 bit long but 
includes 8 parity bits whereby the available space of 25 
possible keys is considerably reduced which is in case 
of DES 2 56 = 7.2 x 1 0 16 possible keys. But in view of the 
continuously and permanently increasing computer per- 
formance such a space of possible keys is regarded as 
the lower limit for the required security of a crypto- 30 
graphic algorithm. 

[0014] As an examplary asymmetric cryptographic 
algorithm, it is referred to the one proposed by Whitfield 
Deffie and Martin E. Hellman, published in 1976, which 
is based on two different keys. One of these keys is pub- 35 
lie, the other is secret. An information or message is 
encrypted by using the public key prior to transmission 
of an information and only the owner of the secret key is 
enabled to decrypt again the encrypted message. In 
particular, that principle for the first time enables irrtple- 40 
mentation of a digital signature which in principle can be 
verified by everyone who is in the possession of the 
required (public) key Examplarily, it is referred to a first 
implementation of the prementioned principle for asym- 
metric cryptographic algorithms, namely the 'RSA* algo- 45 
rithm proposed by Ronald L. Revest, Adi Shamir and 
Leonard Adleman which is the currently best known and 
most- versatile asymmetric cryptographic algorithm. Its 
functional principle is based on the arithmetic of big 
integer numbers. Both keys are generated based on two so 
big prime numbers. Encryption and decryption can be 
mathematically expressed by a modulo function, 
namely incase of encryption y = x e mod n ( fo r decryp- 
tion x = y mod n with n = p x q wherein x = plain text, 
y = cypher text, e = public key, d = secret key. n = public 55 
modulus and p, q = secret prime numbers. 
[001 5] For the further details of an implementation 
of the RSA algorithm it is accordingly referred to R. L 



Rivest, A. Shamir, and L M. Adleman "A Method for 
obtaining Digital Signatures and Public-Key Cryptosys- 
tems". Communications of the ACM, 21(2). pages 120 - 
126, February 1978. 

[001 6] In addition to secrecy of information, another 
paradigma for encryption algorithms is , aLlthenticity , of a 
received message or information. As mentioned above, 
authenticity means that a message is not altered e. g. 
not manipulated. For that purpose, to the actual mes- 
sage a message authentication code is appended and 
both parts are transmitted to the reveiver. The receiver 
is enabled to calculate its own message authentication 
code (MAC) and compares that code with the received 
code. In case of both matching, it is secured that the 
transmitted message has not been altered during trans- 
mission. For generating a MAC, a cryptographic algo- 
rithm with one secret key which is known to both 
communication partners is utilized. For the calculation 
of a MAC in principle every cryptographic algorithm can 
be used, but in practice, the above mentioned DEA 
algorithm is utilized nearly exclusively. 
[0017] A particular scenario for the present inven- 
tion is a situation where a chip card is inserted in a chip 
card acceptance device - in the following called termi- 
nal device" - which does not yet have a support module 
capable of accessing the card or to fulfill a particular 
function of the chip card on the terminal. Therefore it is 
required to obtain the missing software component from 
an other source of information e. g. to download such 
required module from a central server connected to the 
internet. It is noted that the terminal device can either be 
a computer, like a personal computer or network com- 
puter with a chip card reader/writer hardware, or a spe- 
cialized device combining the chip card reader/writer 
hardware with an embedded computer. 
[001 8] The transmission will often take place over a 
network that is open to attacks, ft is known that the chip 
card hereby ensures that the software component in the 
device accessing the chip card shares a secret to the 
chip card by using mechanisms called external authen- 
tication or challenge/response. Further, it is known that 
a digital signature secures the download of software but 
the public keys of all potential senders have to be stored 
on the hard disk of the computer. Therefore, it is neces- 
sary that it can be ensured that the software was riot 
altered on its way through the network and that the soft- 
ware was sent by the owner of the public key. But getting 
the public key for signature verification must also be 
done in a secure way, before the download is secure. 
This requires a chain of certification authorities. 
[0019] On the other hand, an authentication mech- 
anism is needed to verify that the obtained software 
component is the most recent issued release of that 
software. Today, the version control is handled by con- 
tinuously increasing a version number. 
[0020] It is therefore an object of the present inven- 
tion to provide a method and a system for securely inter- 
operating a first information processing device, in 
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particular a terminal device like a chip card reader, and 
a second secure information processing device, in par- 
ticular a portable device like a chip card, where the first 
device does not yet have an information unit like a soft- 
ware component required for interoperating the first and 
the second device like providing or controlling access to 
the second secure device. It is therefore required that 
the missing information unit is obtained from an other 
source of information. A particular object of the inven- 
tion which is strongly related to the above object is that 
gathering the missing information unit is to be accom- 
plished in a secure manner. 

[0021] In order to solve the above objects and to 
avoid the above-mentioned drawbacks of existing 
mechanisms and systems, the invention proposes that 
the information unit is provided from the issuer to the 
first information processing device whereby the informa- 
tion unit is processed by a cryptographic process i.e. for 
instance encrypted and/or signed by a signature. The 
required key for the cryptographic process is particularly 
provided on the second secure information processing 
device. The information unit is cryptographically reproc- 
essed i.e. for example decrypted and/or its signature 
verified by using the key. It is emphasized that the infor- 
mation unit can be secured by alternatively using 
encryption/decryption and signature verification or by 
using both mechanisms in parallel. 
[0022] According to a first preferred embodiment, 
the information unit is provided from the issuer to the 
first information processing device whereby the informa- 
tion unit is encrypted by using a first key which is also 
provided in an encrypted format by using a second key. 
The second key is provided on the second secure infor- 
mation processing device and interconnecting the first 
information processing device and the second secure 
information processing device therefore enables to 
decrypt the first key by using the second key. By using 
the decrypted first key, the information unit can also be 
decrypted. 

[0023] According to a second preferred embodi- 
ment of the invention, the information unit is provided 
from the issuer to the first information processing device 
whereby the information unit is signed by using a signa- 
ture. The signature is provided from the issuer to the 
first information processing device whereby the signa- 
ture is generated by using at least one key. Further the 
at least one key for signature verification is provided on 
the second secure information processing device. After 
the first information processing device and the second 
secure information processing device have been inter- 
connected, the at least one key for signature verification 
is transferred from the second secure information 
processing device to the first information processing 
device. Finally the signature of the information unit is 
verified by using the at least one key. 
[0024] It is noteworthy that the information unit can 
be any set of (pure) data or an executable code like an 
application program or a hardware driver to run on the 



second secure device and/or the other device(s), i. e. 
any kind of information. Further the information unit can 
serve to run specific functions of the second secure 
device on the first device or on at least a third device 
5 attached to the first device. In particular, the information 
unit can provide an access control for the second 
secure device. Further, the second secure information 
processing device can be any device where the issuer 
of that device, and of the information unit, can secure 
10 that the private key "I" is secure and not alterable, i. e. 
securely stored on the device. Exemplary devices are 
chip cards, in particular smart cards, Personal Comput- 
ers with an according access control, or any other port- 
able devices like laptops, palmtops, organizers, etc. 
75 Accordingly, the first information processing device can 
be any device with which the second secure device can 
interoperate like a card accepting device, e.g. a card 
reader, or even a computer with a card accepting device 
attached thereto. 
20 [0025] In particular, according to the invention, the 
second secure device provides the second key by which 
the first key has been encrypted and therefore intercon- 
necting the first, device and the second device enables 
firstly to decrypt the first key by using the second key 
25 and, secondly, to decrypt the information unit by using 
the decrypted first key. The basic concept of the inven- 
tion therefore is to have the private (second) key 
securely stored on the second secure information 
processing device what guarantees that this key will 
30 remain private i. e. can not be gathered by a third party. 
[0026] In case of a chip card and a chip card 
accepting device, the invention particularly enables 
dynamic secure download and execution of a missing 
software support, for instance support needed for spe- 
35 cif ic functions of a chip card on a device attached to the 
chip card acceptance device. The software component 
can only be decrypted by the usage of a key T\ This 
key is transmitted in an encrypted form as key Tj" 
together with the software encrypted with it. Key "Tf can 
40 only be decrypted by the chip card knowing the key T 
that was used to encrypt the key T\ The key T is 
stored on the chip card by the issuer at the time of card 
issuing. One of the advantages of this procedure is that 
the issuer of the card can secure that the key "I" is a pri- 
45 vate key insofar as it is guaranteed that the key is not 
known by others. Further, any laterly required software 
support for the chip card can be secured by using this 
key. On the other hand, the session key "T" which 
maybe will be known by others through transfer to the 
so terminal device, can be changed by the issuer from ses- 
sion to session thus considerably enhancing data secu- 
rity. To make the card decrypt key "T" using key "I". a 
command (APDU) is passed to the chip card that was 
transmitted together with the software module to be 
55 decrypted and used. In other words, the chip card which 
may be controlled by the downloaded software, itself 
plays a critical role in securing the integrity of the driving 
software. Insofar, the chip card itself retrieves the key T 
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which has been used to encrypt the downloaded soft- 
ware via decryption of the encrypted key T|. To prevent 
alteration of the transmitted software module, it is pro- 
posed that it will be encrypted or signed with one ol the 
standard algorithms described in the introductory part. 5 
The issuer of the software has the required encryption, 
decryption or signature keys. Instead of requiring the 
terminal device to store and retrieve the matching 
decryption key or fetch the matching certificate, the 
present invention describes a way of using the chip card w 
itself to retrieve that key. The chip card advantageously 
is the most secure and most convenient way to store the 
secret decryption key or the certificate or the card 
issuer. In this way, only software that is certified by the 
card issuer should be allowed to access the card. 15 
[0027] It is emphasized that beyond encryp- 
tion/decryption the invention can also employ digital 
signing or digital signature verfication for the encryption 
by using the first key and/or the second key. For this sig- 
nature case, the described mechanism provides a 20 
trusted way to the issuer's public signature key without 
the requiring complex certificate handling including 
chains of trust. 

[0028] The information unit can advantageously be 
a program module or data to control access to a porta- 25 
ble device by the terminal device, the integrity of the 
information unit hereby playing a rather critical role for 
data security. Further, the information unit can be an 
application program which can run either on the porta- 
ble device or the terminal device or can serve to run 30 
specific functions of the portable device on the terminal 
device or on a second device attached to the terminal 
device. Also in these cases, data integrity plays a domi- 
nant role. 

[0029] Portable devices like chip cards commonly 35 
provide only limited resources for processing data and 
according limited space for storing data. Therefore, 
according to another embodiment of the invention, both 
the decryption of the first key and the decryption of the 
information unit are accomplished on the terminal 40 
device's side. 

[0030] In order to provide a more powerful and 
automatically operating system, according to another 
embodiment of the invention the first device provides a 
control command (APDU) to the second secure device 45 
which initiates or triggers the transfer of the second key 
to the first device, or initiates or triggers the beginning of 
decryption of the first key by using the second key. v 
Hereby an operating system or program of the first 
device advantageously must not know how to decrypt so 
key Tj" and can be freed from performing the decryp- 
tion procedure. The first device only passes the APDU 
command to the second secure device. This embodi- 
ment enables that the entire procedure proposed by the 
invention can be performed in the background i. e. not 55 
visible to the user whereby in particular the required 
second key is transferred to the first device without any 
needed interaction by the user. 



[0031] In a preferred embodiment of the invention, 
the encrypted information unit and the encrypted first 
key are downloaded from a central server, e.g. a server 
interconnected with the Internet, particularly from a 
server provided by the issuer of the second secure 
device. Alternatively, the above mentioned control com- 
mand can be downloaded, too, from such a server. In 
view of the continuously increasing meaning of the 
Internet, such kind of software support via download is 
a preferred way to obtain a required information unit. 
[0032] In a further preferred embodiment of the 
invention, the second key required to decrypt the first 
key is securely stored on the second secure device at 
time of its issuing by the issuer. Since the issuer of the 
card will often be identical with the issuer of the informa- 
tion unit, it is hereby guaranteed that the second key will 
be compatible with the encryption of the first key. 
[0033] According to a further embodiment of the 
invention, a third key can be used for authentication or 
version control of the underlying information unit. 
Hereby the second secure device contains a version 
number and a key "E" which the downloaded informa- 
tion unit accessing the second secure device "must 
know. To prove that the information unit has the match- 
ing key "E", a challenge/response mechanism ("exter- 
nal authentication") is used. This allows the issuer of the 
second secure device by changing the key "E" on that 
device, in combination with the other steps of the pro- 
posed mechanism, to initiate the second secure device 
and/or the first device to download a new version of the 
underlying information unit. 

[0034] Using such a third key, it is possible to realize 
a further automatisation of the proposed mechanism 
where the first device is initiated to download a hew 
release of the information unit. 

[0035] The proposed arrangement of the two differ- 
ent key levels enables, in accordance with another pre- 
ferred embodiment of the invention, that the first key can 
be randomized between different sessions of interoper- 
ating the first and the second device, i. e. the issuer of 
the second secure device every time can use another 
random key T to encrypt the information unit with the 
cryptographic function. Therefore, it is advantageously 
not compromising the security that the key T is given 
back from the second device to the first device in a clear 
form. 

[0036] It is emphasized again that the method and 
system according to the invention can be applied to 
signing and signature verification accordingly. 
[0037] Further features, details and advantages of 
the present invention will become evident from the fol- 
lowing detailed description of embodiments of the 
invention and the corresponding accompanying draw- 
ing. 

[0038] In the drawing show: 

Fig. 1 a schematic view of a preferred embodi- 
ment of the invention together with the 
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underlying dataflow; 

Fig. 2a a flow diagram illustrating a method for 
encryption/decryption according to the 
invention; 

Fig. 2b a flow diagram according to Fig. 2a in case 
of a signing/signature verification. 

[0039] Fig. 1 depicts a scenario where a chip card 1 
is inserted in a chip card reader 2 which does not yet 
have a required software component capable of access- 
ing the chip card 1. Therefore the operating system of 
the card reader 2 initiates that the missing software 
component be downloaded 3 from a central server 4 to 
the card reader 2. In order to validate that the down- 
loaded software component was certified by the issuer 
and has not been altered in the meantime, in accord- 
ance with the invention, the following mechanism is pro- 
posed. The issuer's certificate and corresponding 
private key T is stored on the chip card 2 at the time the 
card is issued. Prior to the software download 3, an 
encryption with a session key "T is applied to the 
underlying software component. The downloaded data 
therefore contains the cyphered software plus key "Tf, 
i. e. the key *T" encrypted by a key T, plus a command 
(APDU) to trigger or to make the chip card 1 decrypt key 
"Tj". The APDU command, when sent to the chip card 1 , 
results in a decryption of the key T" to reveal key T 
that was used to encrypt the software component. Due 
to the above-mentioned combination of two different key 
levels, the card issuer can every time change key "T" by 
another random key to encrypt the service with the 
encryptographic function. Therefore, it is not compro- 
mising the security that the key T" is given back from 
the chip card 1 to the card reader 2 (terminal device) in 
clear form. The software module, in this embodiment, is 
to drive the terminal device 2 to access the chip card 1 , 
but such a software module can also be an application 
program to run on either the chip card 1 or the terminal 
device 2 or fulfill specific functions on the terminal 
device 2 or another (optional) device 5 connected or 
attached to the terminal device 2. The device 5 can be 
part of the terminal device and can be any information 
handling device or system, or only part of such a system 
like a video display or the like. Normally the terminal 
device 2 will be a non-intelligent card accepting device 
and the device 5 an intelligent card reader. Further, the 
software module can be a driver to drive the chip card or 
an instrument to control access to the chip card itself. 
[0040] It is emphasized that the functionality of the 
terminal device as proposed by the invention can be 
implemented by means of common memory and proc- 
essor hard- and software components. 
[0041] The underlying encryption/decryption proc- 
ess consists of the following steps. The information unit 
s is encrypted by using the key T" and the key T" is 
encrypted by using key "I" as follows: 



x = enc (s, T); 
T | = enc(T, I). 

5 [0042] Both "x" and 'Tj" are transferred from the 
central server 4 to the card reader 2. The card reader 2 
then instructs the chip card 1 to decrypt "Tj" using "I": 

T = dec (T jt I). 

w 

[0043] The chip card 1 returns the decrypted key 
"T" to the card reader 2. The card reader 2 uses the key 
"T" to decrypt the information unit "x": 

is s = dec (x, T). 

[0044] Fig. 2a depicts a flow diagram illustrating a 
method for encryption/decryption according to a pre- 
ferred embodiment of the invention. When the chip card 
20 is inserted 20 in the card reader, the card reader firstly 
checks 21 whether a software support module, e. g. one 
required to access the chip card or to run a specific 
function of the chip card on the card reader, or a further 
device attached to the card reader, is locally available. 
25 In case it is 22, it is jumped to step 23 where the availa- 
ble module is executed 23. If the module is not available 
24, the card reader builds up an online (telecommunica- 
tion) connection to the central server and downloads 25 
the required module from the server. It should be noted 
30 that the download of the module is only an exemplary 
embodiment i. e. the module can alternatively be pro- 
vided by the issuer via post nail of a data carrier like a 
floppy disk According to the invention, the downloaded 
module will be in an encrypted format wherein for the 
35 encryption an encryption key "T is used. Together with 
the support module, the encryption key is downloaded 
too, but also in an encrypted format T" wherein for the 
encryption a further encryption key "I" is used. Further 
an APDU' control command is downloaded for activat- 
40 ing the chip card to participate in the following decryp- 
tion process as proposed by the invention. As it is 
commonly used, the overall package (support module + 
Tj + APDU) can be downloaded as one file, e. g. in a 
compressed format using known compression tools like 
45 "WINZIP" or "PKZIP". 

[0045] Then the 'APDU' control command is sent 26 
to the chip card in order to initiate or to trigger the chip 
card to decrypt 27 the encrypted key T|" by using key 
T. Alternatively the chip card can be initiated to trans- 
50 mit the key T to the card reader and the decryption of 
Tj" performed by the card reader. In case the chip card 
fulfills the decryption, the decrypted key T" will be 
transferred back 28 to the card reader and then the sup- 
port module be decrypted 29 by an operating system or 
55 program available on the card reader, by using the key 
T\ The resulting decrypted support module then will be 
executed 23 by the card reader. 
[0046] In case of an underlying signature/signature 
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verrficaton, the mechanism proposed by the invention 
consists of the following steps. The information unit "s" 
is signed by using a signature key T: 

x = sign (s, l priv ). 

[0047] Both "x" and "s" are transferred from the cen- 
tral server 4 to the card reader 2. The card reader 2 then 
gathers the key T for signature verification from the 
chip card 1 and performs the following signature verifi- 
cation operation: 

signver (s.x. I pub ) == OK? 

[0048] A corresponding flow diagram depicted in 
Fig. 2b shows the proposed mechanism in case of the 
signing/signature verification instead of the above 
described data encryption/decryption. As in Fig. 2a, 
after the chip card is inserted 30 in the card reader, the 
card reader checks whether a required support module 
is locally available 31. If so 32, the module is executed 
33. If not 34, the required module and the 'APDU' com- 
mand are downloaded 35 from the central server 
whereby the module is signed with a private key "Ipriv". 
The *APDU' command is accordingly sent 36 to the chip 
card in order to initiate or trigger the chip card to send 
back 37 a public key "l pu5 " which is necessary to verify 
38 the signature. According to the teaching of the inven- 
tion, the required public key "l pub M is provided by the chip 
card itself and transferred to the terminal device at first 
when having received the 'APDU' command. This key is 
then used to verify the signature of the downloaded 
module and in case of a matching signature 39, the soft- 
ware module is executed 33, for instance in order to 
drive the chip card to execute a particular application 
either in the chip card or the card reader. If both signa- 
tures do not match 40, an error message of the kind 
'Invalid Signature' is output by the card reader, e. g. 
acoustically or by means of a display. 
[0049] In cases where the card reader has a secure 
software execution that only allows code to be executed 
that was validated by the chip card, i. e. it can not only 
be ensured that the downloaded software was not 
altered, but also that the software was certified by the 
issuer of the card, and that the version of the software is 
appropriate. 

[0050] Thereupon it is secured that the code can 
only be executed if it was certified by the issuer of the 
card, the issuer can make sure that the software 
accessing the card does not make any operations that 
can insecure the system like sending data to somebody 
else or logging data. 

[0051] For a version control, the following step can 
be added to the sequence of steps depicted in either 
Fig. 2a or Fig. 2b: 

External authentication with key "E" in order to ver- 
ify that the version of the software module matches 
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the smart card. 

[0052] Authentication is herein regarded as any 
process through which one proves and verifies certain 
information. A chip card commonly uses external 
authentication to establish the identity of the terminal. 
This is done by ensuring that the terminal device shares 
a secret with the chip card. 

[0053] An external authentication starts with the 
chip card wondering about the terminal's identity and 
sending a challenge - for example a random 8-byte 
sequence - to the terminal whose identity is being ques- 
tioned. The terminal receiving the challenge encrypts it 
with its secret, a particular key, and sends back the 
encrypted result. The chip card now decrypts the 
encrypted message using the key it knows the terminal 
possesses if it is authentic. If the message decrypts sat- 
isfactorily, i. e. the decrypted challenge is identical to the 
challenge originally sent by the chip card, then the chip 
card knows that the terminal possesses a particular key 
and this establishes its identity. 

Claims ^ 

1 . A method for securely handling an information- unit 
by a first information processing device (2) interop- 
erating with a second secure information process- 
ing device (1), in particular a chip card, whereby the 
information unit is provided by an issuer, 

the method being characterized by the steps: - 

providing (3, 25, 35) the information unit from 
the issuer to the first information processing 
device (2), the information unit being proc- 
essed by a cryptographic process; 

providing at least one key for the cryptographic 
process on the second secure information 
processing device (1); 

cryptographically reprocessing (29, 38) the 
information unit by using the at least one key. 

2. Method according to claim 1 , characterized by the 
particular steps: 

providing (3, 25, 35) the information unit from 
. the issuer to the first information processing 
device (2), the information unit being encrypted 
by using at least a first key; 

providing the first key from the issuer to the first 
information processing device (2), the first key 
being encrypted by using at least a second key; 

providing the at least one second key on the 
second secure information processing device 
(1); 
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interconnecting the first information processing 
device (2) and the second secure information 
processing device (1); 

on side of the second secure information 
processing device, decrypting (27) the at least 
first key by using the at least second key; 

decrypting (29) the information unit by using 
the decrypted at least first key. 

3. Method according to claim 1, characterized by the 
particular steps: 

providing (3, 25, 35) the information unit from 
the issuer to the first information processing 
device (2), the information unit being signed by 
using a signature; 

providing the signature from the issuer to the 
first information processing device (2), the sig- 
nature being generated by using at least one 
key; 

providing the at least one key for signature ver- 
ification on the second secure information 
processing device (1); 

interconnecting the first information processing 
device (2) and the second secure information 
processing device (1); 

transferring the at least one key for signature 
verification from the second secure information 
processing device to the first information 
processing device; 

verifying the signature of the information unit by 
using the at least one key. 

4. Method according to claim 1 or 2, characterized in 
that the decrypted at least first key is transferred to 
the first information processing device (2) and the 
information unit is decrypted (29) on side of the first 
device (2). 

5. Method according to one or more of the preceding 
claims, characterized in that the first information 
processing device (2) provides a control command 
(26, 36) to the second secure information process- 
ing device (1) to initiate decryption of the at least 
first key by using the at least second key and/or to 
initiate transferring the signature key for signature 
verification from the second secure device to the 
first device. 

6. Method according to one or more of the preceding 
claims, characterized in that the encrypted informa- 



tion unit, the encrypted first key, and/or the signa- 
ture key, and/or the generated signature, and/or the 
control command are downloaded (25, 35) from a 
central server (4). 

5 

7. Method according to one or more of the preceding 
claims, characterized in that the second key and/or 
the key for signature verification are/is securely 
stored on the second secure device (1) at time of its 

10 issuing by the issuer. 

8. Method according to one or more of the preceding 
claims, characterized in that providing at least a 
third key for external authentication and/or release 

75 control of the respective information unit. 

9. Method according to claim 8, characterized in that 
the first device (2) is initiated to gather a new 
release of the information unit from the issuer, 

20 depending on the respective status of the third key. 

10. Method according to claim 9, characterized in that 
the new release of the information unit is down- 
loaded from an internet server (4) provided by the 

25 issuer. 

11. Method according to one or more of the preceding 
claims, characterized in that the at least first key 
and/or the signature are/is randomized between dif- 

30 ferent sessions of providing the information unit 
from the issuer to the first device (2). 

12. Method according to one or more of the preceding 
claims, characterized in that the first information 

35 processing device (2) being a terminal device, in 
particular a chip card reader, and the second 
secure information processing device (1) being a 
portable device, in particular a chip card. 

40 13. A system for securely handling an information unit, 
comprising a first information processing device (2) 
interoperating with a second secure information 
processing device (1), in particular a chip card, the 
information unit being provided by an issuer, 

45 characterized in that 

the first device (2) comprises 

a storage for storing the information unit; 

50 

the second secure device (1) comprises 

a storage (6) for storing at least one key for 
a cryptographic process; 

55 

providing means for cryptographically reprocessing 
the information unit by using the at least one key. 
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1 4. System according to claim 13, characterized in that 
the first device (2) comprises 

a storage for storing the information unit, 
encrypted by using at least a first key, and 
a storage for storing the first key, encrypted 
by using at least a second key; 

the second secure device (1) comprises 



a storage (6) for storing the at least one 
second key, and processing means for 
decrypting the at least first key by using the 
at least second key; 



key for signature verification from the second 
secure device to the first device. 

20. System according to one or more of claims 13 to 
19, characterized in that the first device (2) com- 
prises means to download the encrypted informa- 
tion unit, the encrypted first key, and/or the 
generated signature, and/or the control command, 
from a central server (4). 



10 



21. System according to one or more of claims 13 to 
20, characterized in that the second secure device 
(1) comprises a non-erasable storage to store the 
second key and/or the signature key at time of its 
is issuing. 



providing means for decrypting the information unit 
by using the decrypted at least first key. 

1 5. System according to claim 1 3, characterized in that 

the first device (2) comprises 

a storage for storing the information unit 
and a signature for the information unit; 

the second secure device (1) comprises 

a storage (6) for storing at least one signa- 
ture key; 

providing means for verifying the signature of the 
information unit by using the at least one signature 
key. 

16. System according to one or more of claims 13 to 

15, characterized in that the second secure device 
(1) provides an access control by means of the 
information unit. 

17. System according to one or more of claims 13 to 

16, characterized in that the second secure device 
(1) comprises a processor to make specific func- 
tions of the second secure device usable/accessa- 
ble on the first device or on at least a third device (5) 
attached to the first device. 

18. System according to one or more of claims 13, 14, 
16 or 17, characterized in that the first device (2) 
comprises processing means for decrypting (29) 
the information unit by use of the decrypted at least 
first key. 

19. System according to one or more of claims 13 to 
18, characterized in that the second secure device 
(1) comprises means to initiate decryption of the at 
least first key by using the at least second key 
and/or means to initiate transfer of the signature 



22. System according to one or more of claims 13 to 

21, characterized in that the first device (2) and/or 
the second secure device (1) comprise/s a storage 

20 (6) for storing at least a third key for external 
authentication and/or release control of the infor- 
mation unit and processing means (7) for process- 
ing the third key. 

25 23. System according to one or more of claims 13 to 

22, characterized in that the first device (2) com- 
prises means to initiate download of a new release 
of the information unit, depending on the respective 
status of the third key. 

30 

24. System according to one or more of claims 13 to 

23, characterized in that the central server (4) com- 
prises a randomizer for randomizing the at least first 
key and/or the signature between different sessions 

35 of providing the information unit from the issuer to 
the first device. 

25. System according to one or more of claims 13 to 

24, characterized in that the first information 
40 processing device (2) being a terminal device, in 

particular a chip card reader, and the second 
secure information processing device (1) being a 
portable device, in particular a chip card. 

45 26. A chip card (1 ) for securely handling an information 
unit by interoperating with an information handling 
terminal device (2), characterized in that using a 
method according to one or more of claims 1 to 12 
arid/or being usable in a system according to one or 

so more of claims 1 3 to 25, whereby comprising a stor- 
age (6) for storing the at least one key for the cryp- 
tographic process. 

27. Chip card according to claim 26, characterized by 
55 processing means (7) performing an access control 

controlled by the information unit. 

28. Chip card according to claim 26 or 27, character- 
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ized by a processor (7) to run specific functions on 
the terminal device (2, 5) or on at least a second 
device attached to the terminal device (2, 5). 

29. Chip card according to one or more of claims 26 to 

28, characterized by means for transferring of the at 
least one second key to the terminal device (2, 5) 
and/or means for decrypting of the at least first key 
by using the at least second key and/or means to 
initiate transfer of the signature key for signature 
verification. 

30. Chip card according to one or more of claims 26 to 

29, characterized by a non-erasable storage (6) to 
store the second key and/or the signature key at 
time of its issuing. 

31 . Chip card according to one or more of claims 26 to 

30, characterized by a storage (6) for storing at 
least a third key for external authentication and/or 
release control of the information unit and process- 
ing means (7) for processing the third key. 

32. Chip card according to claim 31 , characterized by 
processing means (7) to initiate download of a new 
release of the information unit, depending on the 
respective status of the third key. 

33. A chip card accepting device (2), in particular a chip 
card reader, for securely handling an information 
unit by interoperating with a chip card (1), charac- 
terized in that using a method according to one or 
more of claims 1 to 10 and/or being usable in a sys- 
tem according to one or more of claims 13 to 25 
and/or being usable for a chip card (1) according to 
one or more of claims 26 to 32, whereby comprising 
a storage for storing the information unit. 

34. Chip card accepting device according to claim 33, 
characterized by means for decrypting the informa- 
tion unit by using at least one key. 

35. Chip card accepting device according to claim 33 or 
34, characterized by means for verifying a digital 
signature. 

36. Chip card accepting device according to one or 
more of claims 33 to 35, characterized by means for 
downloading the encrypted information unit, the at 
least one key and the digital signature from a cen- 
tral server (4). 

37. Chip card accepting device according to one or 
more of claims 33 to 36, characterized by a storage 
for storing at least a third key for external authenti- 
cation and/or release control of the information unit 
and processing means for processing the third key. 



38. Chip card accepting device according to one or 
more of claims 33 to 37, characterized by means to 
initiate download of a new release of the informa- 
tion unit, depending on the respective status of the 
third key. 
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Method, system, chip card and chip card accepting device for 
securely handling an information unit against tampering, 
where security control is cooperatively performed by the 
chip card and the chip card accepting device using 
decryption or alternatively signature verification. 



2. Claims: 8-10, 22,23, 31,32, 37,38 

Method, system, chip card and chip card accepting device for 
securely handling an information unit against tampering, 
where security control is cooperatively performed by the 
chip card and the chip card accepting device using 
decryption. 

Method, system, chip card and chip card accepting device 
further comprising verification of the information unit 
version. 



3. Claims: 16,17,27,28 

System and chip card for securely handling an information 
unit against tampering, where security control is 
cooperatively performed by the chip card and the chip card 
accepting device using decryption. 

System and chip card further comprising access control 
provided by the chip card by means of the information unit. 
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